US12561415B2ActiveUtilityA1

Generation of cryptographic keys

47
Assignee: ERICSSON TELEFON AB L MPriority: Aug 26, 2020Filed: Aug 26, 2020Granted: Feb 24, 2026
Est. expiryAug 26, 2040(~14.1 yrs left)· nominal 20-yr term from priority
G06F 21/602H04L 63/0861H04L 63/062G06F 21/73H04L 9/3278H04L 9/0869H04L 9/0866G06F 21/32H04L 9/3231
47
PatentIndex Score
0
Cited by
8
References
24
Claims

Abstract

There is provided mechanisms for generating a cryptographic key for a user. The method is performed by a cryptographic key generator device. The method comprises authenticating the user using biometrics data read from the user using a biometrics reader. The method comprises obtaining, only when having authenticated the user, a PUF response from a PUF entity by providing a challenge based on biometrics response data to the PUF entity. The biometrics response data is a function of the biometrics data. The method comprises generating the cryptographic key using a cryptographic function and by seeding the cryptographic function with the PUF response.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
         1 . A method for generating a cryptographic key (K) for a user, the method being performed by a cryptographic key generator device, the method comprising:
 authenticating the user using biometrics data (I, J) read from the user using a biometrics reader;   obtaining, only when having authenticated the user, a Physically Unclonable Function (PUF) response (P) from a PUF entity by providing a challenge (C) based on biometrics response data (R*) to the PUF entity, wherein the biometrics response data (R*) is a function of the biometrics data (I, J); and   generating the cryptographic key (K) using a cryptographic function (F) and by seeding the cryptographic function (F) with the PUF response (P), wherein the method further comprises reading a user-defined input string as provided by the user, wherein the PUF response (P) is a biometrical and user-defined unique PUF response (P) obtained by providing the user-defined input string and the biometrics response data (R*) as a joint challenge (C) to the PUF entity.   
     
     
         2 . The method according to  claim 1 , wherein authenticating the user comprises:
 extracting a set of biometric features(S) from the biometrics data (I, J);   transforming the set of biometric features(S) into transformed biometrics data (R); and   authenticating the user when the cryptographic key generator device can find stored biometrics response data (R*) that fulfils a matching criterion for the transformed biometrics data (R).   
     
     
         3 . The method according to  claim 2 , wherein the stored biometrics response data (R*) that fulfils the matching criterion equals the biometrics response data (R*) that is a function of the biometrics data (I, J). 
     
     
         4 . The method according to  claim 1 , wherein authenticating the user comprises:
 extracting a set of biometric features(S) from the biometrics data (I, J);   authenticating the user when the cryptographic key generator device can find stored a stored template of biometrics data (T) that fulfils a matching criterion for the set of biometric features(S).   
     
     
         5 . The method according to  claim 4 , wherein each stored template (T) of the biometrics data (I, J) is associated with biometrics response data (R*). 
     
     
         6 . The method according to  claim 2 , wherein the set of biometric features(S) is subjected to error correction. 
     
     
         7 . The method according to  claim 2 , wherein the set of biometric features(S) is not subjected to error correction. 
     
     
         8 . The method according to  claim 1 , wherein authenticating the user is independent from the user-defined input string. 
     
     
         9 . The method according to  claim 1 , wherein biometrics data (I, J) of the user from at least two separate biometric input sources are combined when authenticating the user. 
     
     
         10 . The method according to  claim 1 , wherein the data being a function of the biometrics data (I, J) is a function of biometrics data (I, J) of the user from at least two separate biometric input sources. 
     
     
         11 . The method according to  claim 9 , wherein there at least two separate biometric input sources of different types. 
     
     
         12 . The method according to  claim 9 , wherein there at least two separate biometric input sources of same type. 
     
     
         13 . A cryptographic key generator device for generating a cryptographic key (K) for a user, the cryptographic key generator device comprising processing circuitry, the processing circuitry being configured to cause the cryptographic key generator device to:
 authenticate the user using biometrics data (I, J) read from the user using a biometrics reader;   obtain, only when having authenticated the user, a Physically Unclonable Function (PUF) response (P) from a PUF entity by providing a challenge (C) based on biometrics response data (R*) to the PUF entity, wherein the biometrics response data (R*) is a function of the biometrics data (I, J); and   generate the cryptographic key (K) using a cryptographic function (F) and by seeding the cryptographic function (F) with the PUF response (P), wherein the processing circuitry further performs reading a user-defined input string as provided by the user, wherein the PUF response (P) is a biometrical and user-defined unique PUF response (P) obtained by providing the user-defined input string and the biometrics response data (R*) as a joint challenge (C) to the PUF entity.   
     
     
         14 . The cryptographic key generator device of  claim 13 , wherein authenticating the user comprises:
 extracting a set of biometric features(S) from the biometrics data (I, J);   transforming the set of biometric features(S) into transformed biometrics data (R); and   authenticating the user when the cryptographic key generator device can find stored biometrics response data (R*) that fulfils a matching criterion for the transformed biometrics data (R).   
     
     
         15 . The cryptographic key generator device of  claim 14 , wherein the stored biometrics response data (R*) that fulfils the matching criterion equals the biometrics response data (R*) that is a function of the biometrics data (I, J). 
     
     
         16 . The cryptographic key generator device of  claim 13 , wherein authenticating the user comprises:
 extracting a set of biometric features(S) from the biometrics data (I, J);   authenticating the user when the cryptographic key generator device can find stored a stored template of biometrics data (T) that fulfils a matching criterion for the set of biometric features(S).   
     
     
         17 . The cryptographic key generator device of  claim 16 , wherein each stored template (T) of the biometrics data (I, J) is associated with biometrics response data (R*). 
     
     
         18 . The cryptographic key generator device of  claim 14 , wherein the set of biometric features(S) is subjected to error correction. 
     
     
         19 . The cryptographic key generator device of  claim 14 , wherein the set of biometric features(S) is not subjected to error correction. 
     
     
         20 . The cryptographic key generator device of  claim 13 , wherein authenticating the user is independent from the user-defined input string. 
     
     
         21 . The cryptographic key generator device of  claim 13 , wherein biometrics data (I, J) of the user from at least two separate biometric input sources are combined when authenticating the user. 
     
     
         22 . The cryptographic key generator device of  claim 13 , wherein the data being a function of the biometrics data (I, J) is a function of biometrics data (I, J) of the user from at least two separate biometric input sources. 
     
     
         23 . The cryptographic key generator device of  claim 22 , wherein there at least two separate biometric input sources of different types. 
     
     
         24 . The cryptographic key generator device of  claim 22 , wherein there at least two separate biometric input sources of same type.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.